How to Resolve the “Trojan:HTML/Phish!pz” Alert in Windows Defender?

When Windows Defender flags the “Trojan:HTML/Phish!pz” threat, the flagged item is usually inside an application's cache files, such as those of Firefox, and the alert typically appears during system backups or after updates. The most common cause is Windows Defender’s detection logic matching cached web browser data and mislabeling it as a phishing attempt.

Trojan:HTML/Phish!pz Malware Detection in Windows Defender

Other contributing factors include the timing of software updates and the inclusion of certain files in system backup snapshots or shadow copies, which can lead to false positives. It’s crucial to recognize that this detection may not represent a true threat but could instead be a misclassification of harmless data as harmful.

The incorrect malware detection by Microsoft Defender in this instance originated after a security intelligence update in December, specifically version 1.403.1079.0. In most cases, the issue can be resolved by whitelisting the Profiles folder.

This guide will demonstrate how to address the Microsoft Defender detection using various methods, covering different scenarios.

Check Malware Detection Source

To determine if the malware warning from Microsoft Defender results from Mozilla Firefox, examine the file path of the affected item. If the file path includes “Mozilla” or “Firefox,” the web browser is likely the cause.

If there is no mention of Firefox in the file path, then your computer might be infected by actual malware, and you should perform a system-wide security scan. Refer to the last method in this guide if this is the case.
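
The path check described above can be scripted. This is an added example, not code from the original article: the function names and the sample resource strings are constructed for illustration, and the `<scheme>:_<path>` resource layout is an assumption based on how Defender normally reports detections.

```powershell
# Added example: classify Defender detection resources the way this section describes.
# The sample strings at the bottom are constructed, not real detections.

function Get-DetectionSource {
    param([Parameter(Mandatory)][string]$Resource)

    # Assumption: resources look like "<scheme>:_<path>", e.g. "file:_C:\...".
    $path = $Resource -replace '^[a-z]+:_', ''

    [pscustomobject]@{
        Path         = $path
        # The article's test: does the path mention Mozilla or Firefox?
        FromFirefox  = $path -match 'Mozilla|Firefox'
        # Backup snapshots expose files under a HarddiskVolumeShadowCopy device path.
        InShadowCopy = $path -match 'HarddiskVolumeShadowCopy\d+'
    }
}

function Get-PhishPzDetection {
    # Live query; needs the Defender PowerShell module on the local machine.
    $ids = @(Get-MpThreat | Where-Object ThreatName -eq 'Trojan:HTML/Phish!pz').ThreatID
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -in $ids } |
        ForEach-Object {
            $detected = $_.InitialDetectionTime
            foreach ($r in $_.Resources) {
                Get-DetectionSource -Resource $r |
                    Add-Member -NotePropertyName Detected -NotePropertyValue $detected -PassThru
            }
        }
}

# Constructed sample input: Firefox cache, the same file seen in a shadow copy,
# and a file outside the browser profile.
$sample = @(
    'file:_C:\Users\alice\AppData\Local\Mozilla\Firefox\Profiles\abcd1234.default-release\cache2\entries\00AA11BB',
    'file:_\Device\HarddiskVolumeShadowCopy3\Users\alice\AppData\Local\Mozilla\Firefox\Profiles\abcd1234.default-release\cache2\entries\00AA11BB',
    'file:_C:\Users\alice\Downloads\invoice.html'
)
$sample | ForEach-Object { Get-DetectionSource -Resource $_ } | Format-List
```

Run `Get-PhishPzDetection` on the affected machine to classify real detections. Any row where `FromFirefox` is false is the case this section sends to the last method in the guide.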

1. Clear Protection History

Clearing Microsoft Defender’s protection history is an effective first step for an erroneous detection and should remove the alert.

Microsoft Defender has no direct option for clearing the protection history, so you must delete the history files manually in File Explorer.

  1. Open File Explorer by clicking the icon in the taskbar.
  2. Click on the View drop-down menu and select Show > Hidden items.
    Showing Hidden Files and Folders
  3. Navigate to the following path:
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
  4. If access to the folder is restricted, boot into Safe Mode.
  5. Press Win key + R to open the Run dialog.
  6. Type msconfig and press Enter.
    Opening System Configuration
  7. Go to the Boot tab in the System Configuration window.
  8. Select the Safe boot checkbox and restart to enter Safe Mode.
    Enabling Safe Boot
  9. Follow the earlier steps to access the protection history folder.
  10. Delete all files within the folder and reboot your computer.
  11. Check if the issue has been resolved.
  12. Remember to uncheck the Safe Boot option to exit Safe Mode, as described in this tutorial.

2. Exclude Firefox Profiles Folder

Whitelisting the Profiles folder in Mozilla Firefox’s cache can rectify the incorrect malware detection by preventing Microsoft Defender from scanning this directory, thus eliminating the issue.

  1. Open the Start Menu and search for Windows Security. Launch it.
    Opening Windows Security
  2. Switch to the Virus and Threat Protection tab.
    Navigating to Virus and Threat Protection Tab
  3. Click the Manage settings link under protection settings.
    Managing Virus and Threat Protection Settings
  4. At the bottom, click Add or remove exclusions.
    Adding Windows Defender Exclusions
  5. Select Add an exclusion.
  6. Choose Folder from the drop-down menu.
    Adding a Folder Exclusion in Windows Security
  7. Ensure hidden files are visible, then navigate to:
    C:\Users\[YourUsername]\AppData\Local\Mozilla\Firefox
  8. Select the Profiles folder and click Select Folder.
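
The same exclusion can be added, audited and later removed from PowerShell. This is an added example, not part of the original article: the function names are hypothetical, and it assumes the Firefox profile lives under the current user's `%LOCALAPPDATA%`.

```powershell
# Added example: script the folder exclusion from the steps above.
# Run in an elevated PowerShell session as the user who owns the Firefox profile;
# elevating with a different account makes $env:LOCALAPPDATA point at that account.

$ProfilesPath = Join-Path $env:LOCALAPPDATA 'Mozilla\Firefox\Profiles'

function Add-FirefoxProfilesExclusion {
    param([string]$Path = $ProfilesPath)

    # Refuse to exclude a path that does not exist, so a typo cannot leave
    # behind an exclusion for a folder nobody intended.
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }
    if (@((Get-MpPreference).ExclusionPath) -contains $Path) {
        return "Already excluded: $Path"
    }
    Add-MpPreference -ExclusionPath $Path
    "Excluded: $Path"
}

function Remove-FirefoxProfilesExclusion {
    param([string]$Path = $ProfilesPath)
    Remove-MpPreference -ExclusionPath $Path
    "Removed exclusion: $Path"
}

function Get-ExclusionReport {
    $installed = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    [pscustomobject]@{
        IntelligenceVersion = $installed
        # 1.403.1079.0 is the update the article links to the false positive.
        NewerThanReported   = $installed -gt [version]'1.403.1079.0'
        ExclusionPaths      = @((Get-MpPreference).ExclusionPath)
    }
}

Add-FirefoxProfilesExclusion
Get-ExclusionReport | Format-List
```

An excluded folder is no longer scanned, so keep the exclusion limited to the Profiles folder and remove it with `Remove-FirefoxProfilesExclusion` when it is no longer needed.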

3. Clear Firefox Cache on Close and Delete Shadow Copies

Resolving the Trojan:HTML/Phish!pz detection can be as simple as setting Firefox to clear its cache upon closing and deleting Windows’ shadow copies—snapshots of files used for restoration purposes.

This process is particularly helpful when encountering the issue during backups:

  1. Launch Mozilla Firefox.
  2. In the top-right, click on the More menu and select Settings.
    Accessing Firefox Settings
  3. Go to the Privacy and Security section.
  4. Check the option Delete cookies and site data when Firefox is closed.
    Setting Firefox to Delete Cache on Closing
  5. Open the Start Menu, search for Disk Cleanup, and start it.
    Launching Disk Cleanup
  6. Select your system drive (usually C:) and click OK.
    Selecting the System Drive in Disk Cleanup
  7. Click Clean up system files.
    Disk Cleanup for System Files
  8. Select the system drive again and click OK.
  9. Move to the More Options tab.
  10. Under System Restore and Shadow Copies, click Clean up.
    Removing Shadow Copies in Windows
  11. Choose Delete.
  12. Performing these steps should resolve your issue.

4. Update Mozilla Firefox

An outdated Mozilla Firefox may be to blame for the invalid Trojan:HTML/Phish!pz detection. Any inconsistencies usually get addressed in newer versions, so keeping Firefox up-to-date is essential:

  1. Start Mozilla Firefox.
  2. Click the More menu and navigate to Help > About Firefox.
    Opening About Firefox
  3. Allow Firefox to check for and download any updates automatically.
  4. Install the updates if available and restart Firefox.
  5. See if this resolves the detection issue.

5. Run Security Scan

If none of the above methods resolves the Trojan:HTML/Phish!pz detection and it is not caused by Firefox, a comprehensive security scan may be needed.

You have the option of various third-party antivirus tools or Windows Defender, which can be effective if your system is up to date:

  1. Access the Start Menu and look for Windows Security; launch it.
    Starting Windows Security
  2. Proceed to the Virus and Threat Protection section.
    Navigating to Virus and Threat Protection Section
  3. Click on Scan options.
    Selecting Scan Options in Windows Defender
  4. Choose Microsoft Defender Antivirus (offline scan).
    Executing Windows Defender Offline Scan
  5. Hit Scan now and let the scan complete, which could take 15-20 minutes.
  6. Upon scan completion, your problem should most likely be resolved.
ABOUT THE AUTHOR

Kevin Arrows

